What Barry and Tobias said. Additionally:
On Aug 14, 2014, at 7:20 PM, Ryan Sleevi <[email protected]> wrote: > In addition to these poibts, the feedback/recent errata from Eric Lawrence > regarding HSTS is also extremely relevant to the discussion of HPKP, and we > were waiting to see what actions, if any, the WG takes regarding that draft, > lest we find ourselves immediately writing a bis to deal with those same > points. > > I don’t know what is going to come of the issue that Eric found. It’s entirely possible that nothing will come out of it, or that we’ll have a document updating HSTS, or that we’ll have a document profiling the deployment of HSTS. Either way, this will require more discussion either in this working group or elsewhere. If we wanted to make a change like this to HPKP, that would require pulling the publication request and sending the document back to the working group. I don’t think any of us wants that. So, I think you should make all the necessary changes regardless of Eric’s issue, so that we can progress HPKP. If that issue later leads to a new RFC, it can update and/or profile HPKP at the same time as it does HSTS. This should not impede our progress. Yoav
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
